New HIPAA Rules Mean New Burdens and Opportunities for Lenders

Julie A. Simer, Esq. and Robert A. Willner, Esq.

As an increasing number of health care providers move to electronic health record systems, patient privacy is becoming a serious concern. On January 25, 2013, new regulations under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) were issued to strengthen protections for the privacy of health information and increase the penalties for violating those protections. (78 Fed. Reg. 5,565).

Many of the services lenders provide to customers are exempt from HIPAA, including payment processing, auditing, transferring receivables for payment, resolving customer inquiries or disputes, reporting to consumer reporting agencies, responding to subpoenas, or complying with the law. When a lender’s services extend beyond statutorily approved activities, however, the lender must comply with HIPAA. Therefore, lenders must understand how new HIPAA compliance requirements affect them and their borrowers.

Read more

Now is the Time to Revise Your Business Associate Agreements

By: Julie A. Simer and Brooke J. Ledger

There is a lot of confusion among providers caused by the recent publication of new rules under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). On January 25, 2013, the HIPAA final omnibus rule (“Final Rule”) issued by the U.S. Department of Health and Human Services (“HHS”) was published in the Federal Register (78 FR 5565). The Final Rule is actually four rules rolled into one massive 523‐page rule. The Final Rule changes the requirements necessary to protect the privacy and security of protected health information (“PHI”) under the HIPAA Privacy, Security, and Enforcement Rules. The Final Rule strengthens protection for PHI and heightens breach‐reporting obligations. For providers, it will require:

1. Revising Existing Notices of Privacy Practice

2. Revising Existing Business Associate Agreements

3. Requiring Business Associates to Execute Business Associate Agreements With Subcontractors

More

Buchalter Nemer Teleseminar – New HIPAA Rules

February 13, 2013

New HIPAA Rules and What to Do Now to Avoid Increased Penalties
Julie A. Simer and Brooke J. Ledger
12:00 Noon-1:00 PM PST (telecast from Orange County Office)

The 563-page final HIPAA Omnibus Rule published in the Federal Register on January 25, 2013 makes important changes to the HIPAA rules for privacy and security of protected health information. Among these changes are new breach notification requirements and increased the penalties for a breach of protected health information. This means that covered entities must assess their current privacy and security policies, review relationships with business associates and subcontractors, review notices of privacy practices, conduct risk assessments, and evaluate breach notification policies. Get practical information on what your organization must do now to avoid significant penalties.